Category Archives: Password Security

As the weather warms up articles to remind us about cleaning up our devices, online accounts, making backups, and changing passwords are sure to show up, but don’t forget to add your wireless router to this list. Over time the wireless environment may have changed and the number of devices connecting to the network has increased and you have noticed a decrease in the performance. I have listed some items to check to either improve the performance or security of your wireless network.

Upgrade the Router

Electronics age fast and if you’re still running an 802.11g router it is time to upgrade. Look for an 802.11n protocol wireless router or get the latest and greatest 802.11ac router and be ready for the next wave of wireless devices. Either way you’ll notice a performance boost and the router won’t create a bottleneck in the network.

Check for the Latest Firmware

While not as often as Windows or Apple software updates a routers software called firmware does get the occasional update. Firmware could add functionality, patch bugs, or add security features. When you log into the routers management interface look for the firmware section to verify the current version and download any available updates. The firmware update could take several minutes to complete and at some stages you may think nothing is happening, but do not power off or restart the router during the update since this could brick the device!

Move to the 5 GHz Band

This could be more technical than most people can understand, but wireless networks can run in the 2.4 GHz and 5 GHz bands. Most home wireless networks use the 2.4 GHz band and along with wireless networks the 2.4 GHz band has signals from microwaves, cordless telephones, baby monitors, and other home devices making it very crowded. With the 2.4 GHz band being so crowded there are interference issues that can affect performance of the wireless network. Setting up the wireless network in the less used 5 GHz band will result in less interference and better performance.

Change the Channel

Whether you’re wireless network runs in the 2.4 GHz or 5 GHz band things around you may have changed since the original setup and a quick scan of the neighboring networks may show channel interference. Scanning utilities such as InSSIDer or WiFi Analyzer will offer a snapshot of the wireless networks in range along with channel usage. As mentioned the 2.4 GHz band will be very crowded and channels 1, 6, and 11 the most heavily used. The best option is to move the network to the 5 GHz band, but if you stay in the 2.4 GHz band move the network to a non-used channel, but know that interference from adjacent 2.4 GHz channels can still effect performance of the wireless network.

Upgrade to WPA2 Security

If your still using WEP for wireless security it is time to update it to WPA2. WEP was cracked long ago and many utilities to crack WEP are freely available from the internet. When selecting the WPA2 Passphrase don’t use a common dictionary word, your pet’s name, your phone number, keyboard pattern, ect… For the best security a completely random 20 plus character WPA2 passphrase should be used. For further advice on selecting a secure WPA passphrase please read my earlier blog post.

Disable WPS

WiFi Protected Setup (WPS) or push and connect security has a known security flaw and should be disabled in the routers management interface. Even if you’re not using WPS to connect and secure devices to the wireless network it could be enabled by default and needs to be disabled manually.

Change the Passphrase

It is recommended to change personal passwords regularly so include your wireless passphrase to that list and make sure to change it at least once a year. For further advice on selecting a secure WPA passphrase please read my earlier blog post.

Setup a Guest Network

If people come to your house and ask to get on the wireless network it might be time to set up a separate guest network. It is not a good idea to hand out the WPA2 code for the main wireless network to everyone and having the guest network and traffic isolated from the main network is preferred. Many home routers allow multiple networks or enabling the guest network. You can also use a second router for the guest network, but make sure the routers are physically 10 feet apart from each other, and use enough channel separation to eliminate interference. Do assign a simpler WPA2 passphrase on the guest network so you’re not broadcasting an open network that anyone can connect to.

Disable Slower Wireless Protocols

Disabling slower protocols basically disables slower network speeds and can improve performance of the network. If your router and devices support the 802.11n protocol then disabling the 802.11g and 802.11b protocols will keep those devices from connecting and causing the network to communicate at those slower speeds.

Conclusion

So don’t run over to the wireless router with the feather duster or throw it in the dish washer, but if the network seems sluggish or not running as smoothly as it once was there are some things you can do. Check the user’s manual or the router manufactures website for extra help and tips to set up or configure the router. Thanks for reading and post any comments or questions below. I may not be able to answer specific router questions, but I can try to respond with a link or site URL for extra help.

The worst passwords of 2012 were recently released, and in many instances an eight character password is the only line of defense to get access to your computer, programs, and any online resources you may use. The simplest method to be more protected is to use a secure form of a password called a complex password or a Passphrase. The easiest way to create a passphrase is to use a short sentence. These short sentences are easy to remember, but because sentences are longer, and have capital letters, spaces, punctuation, and sometimes even numbers, passphrases are stronger than passwords.

A quick example of a simple passphrase is “My daughter is in the 1st grade!”. It is 32 characters long and contains an upper case letter, a number, a special character, and most importantly it is easy to remember. Some systems may not like the spaces between the words, and some people may just prefer to leave them out, so the passphrase sentence could be adjusted to leave out the spaces and become “Mydaughterisinthe1stgrade!”. The downside of a passphrase is it requires more typing time, but I will trade that extra time to type a passphrase for the added security than use a weak common dictionary word for convenience.

I have been using passphrases for a while and I can remember almost all of my most often used passphrases, but occasionally I do need a little help to remember one. When I need help remembering a passphrase I use a password manager program called KeePass. I find KeePass invaluable for storing, managing, and looking up passphrases, and KeePass stores the password database in an encrypted format. KeePass can do the remembering for you, but the program is password protected, so you will at least have to remember one password to get access to all your others!

So what’s next when passphrases are as insecure as a password, and adding characters to passphrases gets to be unmanageable. Currently some sites are offering two-factor authentication and Google is one such site that offers two step authentication. Besides the basic layer of something you know, your password, Google adds a second layer of something you have, your cell phone, which is used to have a pin texted to you that needs to be entered along with the password to complete the login process.

Windows 8 has a Picture Password option and some apps are available for Android that can also provide picture passwords. A picture password eliminates the traditional password and allows you to successfully draw shapes or symbols on a background image to get access to the system.

Extra Passphrase Tips:

Change your passphrases every 6 months, and for more sensitive systems like online banking try to change the passphrase every 90 days. This is kind of a pain, but definitely worth the extra effort to be ultimately secure.

Don’t use the same passphrase for multiple systems or sites. Each system or site should have its own passphrase. If you are using the same passphrase for more than one site and if it was discovered you could be handing over access to multiple accounts!

If you ever wanted to check the strength of your passwords Microsoft has a password checker web page where you can type in your password and it will display if it is Weak, Medium, Strong, or Best. You should test the strength of your passwords and/or passphrases to see how secure they are, its fun!

To read about some different password manager programs besides KeePass check out this article.

Don’t make yourself an easy target for hackers and change your passwords to passphrases, or take avantage of sites or programs offering two factor authentication or picture passwords. Thanks for reading and please leave any questions or comments you might have about passphrases.

You’ve set up a wireless network in your home or small office and configured it with the highest level of encryption using a WPA2 passphrase. But is that WPA2 passphrase strong enough to protect the wireless network? A weak WPA2 passphrase could be hacked allowing an unauthorized person to use the wireless network. Even worse this unauthorized person could decrypt the communications revealing emails you send, web sites you visit, and passwords you use for access to websites.

You’re probably saying to yourself if WPA2 encryption could be broken on my wireless network is there anything I can do to improve security for the network? Yes, with a couple of safe guards WPA2 can provide the required security, and I will describe how to apply these safe guards by always changing the factory default network SSID, and how the WPA2 passphrase should be a completely random string of characters.

All small office home office routers ship from the factory with a default SSID assigned to the wireless network name. It might be Dlink, Linksys, or something else the vendor selected. You should always change this SSID to something of your choosing, but avoid a network SSID that might identify who owns the network, or something found in the top 1000 SSID names. Along with the WPA2 passphrase, the SSID is used to create the key to encrypt the wireless communications. Even though the SSID name can easily be found, if you’re using the factory default SSID or a common SSID name you make the job of the hacker that much easier.

With the SSID changed let’s move on to WPA2 passphrase. The WPA2 passphrase should be a completely random string of letters and numbers. Don’t use common dictionary words, names, a famous quote, the name of your favorite sports team, etc… At a minimum the WPA2 passphrase should be 25 characters, and you can bang on the keyboard until you get something with 25 characters or use a password generator web site. I like to use the password generator on the WhatsMyip.org website. If you use this site scroll down to the bottom of the page and look for the WPA Password Generator section, and use the “Better” option to generate a random 32 character passphrase.

WPA Password Generator

After getting WPA2 passphrase entered into the wireless management interface on the router you should copy it into a Notepad file and save that to a USB storage drive. You can plug the USB drive into the other wireless devices and open the file to copy and paste the WPA2 passphrase into those devices to quickly add them to the network. Some devices may not have USB ports, and may require you to manually type in the passphrase, but this will be a onetime entry since the devices will save the passphrase.

The two suggestions above will increase the security of your wireless network and make it harder for a potential hacker to break. Making your wireless network a difficult target will more than likely cause a hacker to move on to an easier one.